
Get user status (disabled or active) in Active Directory with ldap3 Python

I am getting a list of all users in Active Directory and I need to check their status — if the user is active or disabled. I expect that userAccountControl should return user status, but I get only 512 for all users but one (who returns 66048) and this is not correlated with user status (as far as I know).

from ldap3 import Server, Connection

serverName = 'LDAP://server'
domainName = 'name'
userName = 'superuser'
password = 'password'
base = 'longString'

server = Server(serverName)
conn = Connection(server, read_only=True, user='{0}\\{1}'.format(domainName, userName), password=password, auto_bind=True)

conn.search(base, '(objectclass=person)', attributes=['displayName', 'mail', 'userAccountControl','sAMAccountName'])

for i in conn.entries:
    print('USER = {0} : {1} : {2}'.format(i.sAMAccountName.values[0], i.displayName.values[0], i.userAccountControl.values[0]))

USER = ABC : John Smith : 512
USER = DEF : Sarah Connor : 514
USER = GHI : Thomas Anderson : 66048

Is it a correct way to get user status? Is there any other way to check AD user status with some application with UI?

kiryha asked Oct 22 '25 16:10


1 Answer

According to userAccountControl flags:

512 - Normal account (512),

514 - Disabled account (2 + 512),

66048 - Normal account + don't expire password (65536 + 512).

kiryha answered Oct 25 '25 05:10
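
Because userAccountControl is a bit field, the disabled state is found by testing the ACCOUNTDISABLE bit (2) rather than by comparing the whole number against 514. The following is an added example, not part of the original question or answer: the class, function and constant names are this example's own, the bit values are Microsoft's documented userAccountControl flags, and the filters use Active Directory's bitwise-AND matching rule OID. It goes beyond the three values in the answer by decoding other common flags and listing enabled accounts whose flags deserve a review.

```python
from enum import IntFlag

class UAC(IntFlag):
    """Subset of the documented userAccountControl bits."""
    ACCOUNTDISABLE = 0x2
    PASSWD_NOTREQD = 0x20
    NORMAL_ACCOUNT = 0x200
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    SERVER_TRUST_ACCOUNT = 0x2000
    DONT_EXPIRE_PASSWORD = 0x10000
    SMARTCARD_REQUIRED = 0x40000
    TRUSTED_FOR_DELEGATION = 0x80000
    DONT_REQ_PREAUTH = 0x400000

KNOWN_BITS = sum(int(f) for f in UAC)
# Flags worth a second look on an account that can still log on.
REVIEW = (UAC.PASSWD_NOTREQD, UAC.DONT_EXPIRE_PASSWORD, UAC.DONT_REQ_PREAUTH)

# Server-side alternative: let AD test the bit (LDAP_MATCHING_RULE_BIT_AND).
BIT_AND = "1.2.840.113556.1.4.803"
USERS = "(objectCategory=person)(objectClass=user)"
DISABLED_FILTER = "(&%s(userAccountControl:%s:=2))" % (USERS, BIT_AND)
ENABLED_FILTER = "(&%s(!(userAccountControl:%s:=2)))" % (USERS, BIT_AND)

def decode_uac(value):
    """Return (names of known flags that are set, any bits not in UAC)."""
    value = int(value)  # the attribute may arrive as int or str
    return [f.name for f in UAC if value & int(f)], value & ~KNOWN_BITS

def is_disabled(value):
    """Test the ACCOUNTDISABLE bit; never compare against 514 directly."""
    return bool(int(value) & int(UAC.ACCOUNTDISABLE))

def review(rows):
    """rows: iterable of (sAMAccountName, userAccountControl) pairs."""
    report = {}
    for sam, uac in rows:
        names, unknown = decode_uac(uac)
        flagged = [] if is_disabled(uac) else [f.name for f in REVIEW if f.name in names]
        report[sam] = {"disabled": is_disabled(uac), "flags": names,
                       "unknown_bits": unknown, "review": flagged}
    return report

# The three values printed in the question.
SAMPLE = [("ABC", 512), ("DEF", 514), ("GHI", 66048)]

if __name__ == "__main__":
    for sam, info in review(SAMPLE).items():
        print(sam, "DISABLED" if info["disabled"] else "active", info["flags"], info["review"])
```

To use it with the question's loop, pass `(i.sAMAccountName.values[0], i.userAccountControl.values[0])` pairs to `review`, or hand `DISABLED_FILTER` to `conn.search` in place of `'(objectclass=person)'` so the directory returns only disabled users.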